Posted: Fri Feb 21, 2020 22:33 Post subject: Linksys WRT1200ac v1 and NordVPN
I've been reading for a while, but first time poster.
A bit of background first. I have a Linksys WRT1200ac (v1) and have had a devil of a time trying to install DD-WRT. This router is connected to the main router and is to be used as a WiFi router with a dedicated VPN. After continual flash fails, I finally found a version that would install - DD-WRT build 34315, but it's 2 year old firmware and I'm worried about unpatched security issues as well as missing optimisations. After all the failures I installed OpenWRT, but it was far too customisable for my needs so have returned to DD-WRT.
Anyway, that's issue number one, the bigger issue is my NordVPN connection. I've been able to connect successfully, but Netflix keeps throwing an error that it detects I'm behind a proxy or unblocker. I can see that WebRTC checks on https://ipleak.net show the IP address of the device provided by the Linksys router.
I've updated the OpenVPN configuration to different servers, but the huge problem I'm having is it's not updating the the new server but continually connecting to a previous server. The log gives this line:
Code:
20200222 09:04:20 I TCP/UDP: Preserving recently used remote address: [AF_INET]84.17.35.246:1194
I've power cycled the router multiple times but it is continually connecting to this UK server when I'd like it to connect to a US server. It refuses to change. TBH, I thought the certificates would be different for each of their servers so the connection should be rejected.
Any tips on dealing with either of these issues? I'd really like to have a more recent DD-WRT but it refuses to install. I have a serial cable so if there's a way to do it via serial I'm all ears. I would like to keep the original Linksys firmware on the second partition as a rescue partition for the future.
Joined: 30 May 2017 Posts: 582 Location: Rural Manitoba
Posted: Fri Feb 21, 2020 23:55 Post subject:
Issue #2 - Can't help but I am sure there are many who will jump in assist.
As far as beta builds for the 1200 V1. Most of the recent builds work fine. r40009 is still considered to be the most stable. I am using 42410 and find it extremely stable but others have had some problems with it. My only quirk was with the Wi-Fi setup which BS is currently revamping. Once I redid my settings and rebooted all went well and has been for the past 4 days. I had updated without reset over my 5Ghz link to the 1200, so that should tell you a bit about how it takes to the build. _________________ Starlink & DSL -> TPLink TL-R470T+
->
WRT3200acm Master WDS 5GHz 80Mhz CH 100 (+6) r55819
Ath1 2.4Ghz Disabled
99 Static Leases
ExpressVPN
WRT3200acm r55819 WDS Station 5Ghz
Ath1 AP N/G Mixed Channel 11 HT40
WRT1900Ac V1 5Ghz r55819 WDS Station
(Defective, no 2.4Ghz but 5Ghz works great)
WRT1900AC V1 5Ghz AC 80Mhz WDS Station r55819
2.4Ghz AP Ch1 HT20 Mixed
WRT1900ACS SPARE r54914
WRT1900AC SPARE r54914
WRT1900AC V1 5Ghz AC 80Mhz WDS-AP r55819
2.4Ghz AP Ch1 HT20 Mixed
WRT54G DD-WRT v3.0-r37305 micro AP CH 6 Mixed - Not in use
Issue #1 I'm currently running r42410 on two WRT1200ac v1's with minimal issues. I have had some GUI issues but none with this release so far. I had no issues with r41986.
Issue #2 I don't use NordVPN but I believe you indicated it was behind another router? You may have to enable VPN Passthrough on the primary router in order for the secondary routers VPN to connect??
I run ExpressVPN apps on android devices behind my 1200's. The apps will not connect to the desired server unless VPN Passthrough (IPSec Passthrough) is enabled. Might try enabling the pass through on your primary router as a starting point?
Joined: 04 Aug 2018 Posts: 1447 Location: Appalachian mountains, USA
Posted: Sat Feb 22, 2020 18:44 Post subject:
NordVPN posts apparently different certificate files for each server, but if you actually compare the files, they are the same.
I see the note in the log also about "Preserving recently used remote address," but it never seems to actually interfere with moving to the new server. It's as if it's some temporary thing. Then openvpn moves on to the new server. I never had trouble using extra vpn client Additional Config lines like
and a "remote-random" line also, so that it picks at random from the various servers you've specified either this way or on the primary server line further up the page. You can kick it into changing to a new server, doing the random drawing again, with "killall -HUP openvpn" in the CLI. (See related link in my sig.) Note that I don't know whether the example line above is still valid. Nord keeps changing server numbers, eliminating some and adding others. I found that keeping a router config current and working with a list of valid Nord server specs required attention every few months at most.
Of course you'll get the netflix block. Nord claims in their promotional material that they are netflix compatible, but it's simply not true. Netflix aggressively tracks which IPs are known vpn exit nodes and blocks them. Nord is probably the most visible vpn firm on the planet. Something like 5% of the US population downloaded their app last year.
Some of the vpn firms' servers will not work for streaming through a router connection but will work on a computer through their own apps, where they can do fancier footwork to dodge the blocking. One hears of "Smart DNS" and the like. I'm not sure where Nord is on all this.
By reputation ExpressVPN is the strongest re streaming, but I've never tried them. Nord is really the only one I've tried for streaming, and using their Android TV app, I cannot stream Netflix, Hulu, or Amazon Prime. I have not tried Disney+, but I've seem forum reports of people struggling with their blocking. I can usually stream The Criterion Collection (classic films) and most or all of the TV news networks just fine, which is unsurprising since the blocking is usually a legal thing to do with licensing restrictions on current content. If Netflix buys US streaming rights to a film, they most likely are contractually obligated to do their best to block non-US viewers using VPNs. Of course when they see someone connecting from a VPN, they cannot tell where you are, so blocking is the only option their licensing contracts allow. _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.